FW Gold - Content Restriction on iPhone, through VPN
I recently purchased a Firewalla Gold, and am waiting for it to be delivered; but wanted to educate myself prior to it arriving, so I can set it up without issue.
The primary reason we bought this is to establish content controls for our teenagers in the home, and would like to extend those controls to their phones (iPhones).
I understand I can enable the VPN server, and configure the phones to use this VPN for data; but I can't seem to find a tutorial to show how to do this.
I also can't determine if the VPN connection will enforce the content restrictions/controls onto the remote device.
Can someone confirm it will work as I expect, and if there's a tutorial, post a link? I used the search and dug through a few pages of results, but cannot seem to locate anything for this. Most of what I'm finding related to iPhones is 4 or so years old.
-
@firewalla - would love for you guys to be able to extend Firewalla to mobile devices... it's such hard work as a parent trying to protect teenagers - despite having excellent dialogue with the kids, it's just impossible to get on top of the curiosity of a teenager's mind, but they simply don't have the restraints in place to constantly make so many good decisions in the barrage of all that's now available online.
-
I now have the Firewalla Gold installed at home, and it's working great ... but I haven't experimented with VPN yet.
We've been using BARK on the kids' iPhones, and it's great. It's a paid service, but well worth it. It also works on a VPN, but will notify me if the kid turns VPN off.
We also use ScreenTime on the phones as well.
So Bark + ScreenTime provides great content filtering, notification alerts, as well as remote control (ie: ability to disable all data remotely) for the phone while Firewalla is providing content filtering on home devices.
It would be nice if the two could be merged.
-
Your only real option for controlling mobile devices (with their own data plans) is to install 3rd party software like Stoop uses, and this only works (in the midterm run) if you're the admin of their phones and they are not; in the long run this only stops someone who is mildly curious. If the kid wants to access a certain thing, they will be able to do so with enough effort as a teenager with the internet pretty much everywhere now.
To (unofficially) answer your question about VPN control: Once a device connects to the VPN on the Firewalla box it's controlled as though it was on the local network with whatever restrictions you've got set up*.
*Note that Firewalla, like other firewalls, identifies devices by their "MAC address"; a MAC address is (in theory) a specific device ID that identifies a network interface. This *can* be "changed" with certain software, which would cause the device to appear as a new device; if you're blocking teens you'd be well advised to enable new device quarantine. Of note, some new phones (iOS 14 and Pixel 5a, for example, for future searchers) come from the factory with the setting enabled that randomizes your MAC address every time you connect to a Wi-Fi network, so you have to manually go in and disable it under advanced settings or you'll end up with multiple devices that are really just one physical device.
-
"I also can't determine if the VPN connection will enforce the content restrictions/controls onto the remote device."
This is also my question. I have now established a VPN Server on my Firewalla Blue+ using WireGuard. I wish to install the client onto my teenage son's phone so that all traffic then gets routed through the Firewalla. But, in testing on my own phone, I cannot seem to apply the content restrictions (Rules) that I have set up on my son's profile when connected to the VPN. They only apply when he is connected locally to the network.
-
@matt, the best is to try 1.973 beta. This version can see all the WireGuard devices and you can apply rules to each device on the WireGuard network. https://help.firewalla.com/hc/en-us/articles/4403336151827-Firewalla-Box-Release-1-973-App-Release-1-47
-
@Ben Someone
Note that Firewalla, like other firewalls, identifies devices by their "MAC address"; a MAC address is (in theory) a specific device ID that identifies a network interface. This *can* be "changed" with certain software, which would cause the device to appear as a new device; if you're blocking teens you'd be well advised to enable new device quarantine. Of note, some new phones (iOS 14 and Pixel 5a, for example, for future searchers) come from the factory with the setting enabled that randomizes your MAC address every time you connect to a Wi-Fi network, so you have to manually go in and disable it under advanced settings or you'll end up with multiple devices that are really just one physical device.
You can largely deal with these concerns by:
- Turning on auto blocking of devices detected to use MAC randomization (on the Firewalla Gold at least…and probably Firewalla Purple model as well).
- Putting the children’s devices on their own SSID and associated VLAN on a WiFi access point and then creating the firewall rules and schedules etc. accordingly (and don’t tell them the password for your other SSIDs on the other VLANs on your AP).
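The MAC randomization issue raised in the two posts above, as an added example that is not part of the original thread and not Firewalla's own code: randomized ("private") Wi-Fi addresses are unicast addresses with the locally-administered bit set in the first octet, so a device list can be audited for them. The device list, hostnames and function names are constructed for illustration, and grouping by hostname is only a heuristic for spotting one phone listed several times.

```python
import re
from collections import defaultdict

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")


def is_locally_administered(mac: str) -> bool:
    """True for a unicast MAC with the locally-administered bit (0x02 of the
    first octet) set, which is how randomized Wi-Fi addresses are marked."""
    mac = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    first_octet = int(mac[:2], 16)
    return bool(first_octet & 0x02) and not (first_octet & 0x01)


# Constructed sample: (MAC, hostname) pairs as a router's device list might show them.
SAMPLE_DEVICES = [
    ("3c:22:fb:10:20:30", "family-laptop"),
    ("a6:5e:60:01:02:03", "teen-iphone"),
    ("ca:11:9d:aa:bb:cc", "teen-iphone"),
    ("f2:7b:04:0d:0e:0f", "teen-iphone"),
    ("00:1a:2b:3c:4d:5e", "printer"),
]


def audit(devices):
    """Return (randomized, duplicates): MACs that look randomized, and
    hostnames seen under more than one MAC (likely one physical device)."""
    randomized = []
    by_host = defaultdict(list)
    for mac, host in devices:
        mac = mac.lower()
        by_host[host].append(mac)
        if is_locally_administered(mac):
            randomized.append(mac)
    duplicates = {h: macs for h, macs in by_host.items() if len(macs) > 1}
    return randomized, duplicates


if __name__ == "__main__":
    randomized, duplicates = audit(SAMPLE_DEVICES)
    for mac in randomized:
        print(f"randomized MAC, review or quarantine: {mac}")
    for host, macs in duplicates.items():
        print(f"{host!r} appears as {len(macs)} devices: {', '.join(macs)}")
```
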
-
Hello. I have the exact same situation where I would like to apply rules while kids are away. I set up WireGuard VPN so that kids' phones connect to Firewalla via VPN as soon as they leave the house. May I understand that the rules set for their phones (or group) do not apply when their phones are connected via VPN? The rules show blank for their VPN profiles under devices. May I understand that I need to set the rules separately for their VPN profiles? It would be nice if the group can include VPN connections.
-
Did you ever solve this issue? I'm trying something similar but cannot get it to work how I want it.
Just posted a new topic about this, see here:
Enforcing (Wireguard) VPN on Android – Firewalla